[EXIM] IP spoofing

Author: Marilyn Davis
Date:  
To: exim-users
CC: zapa
Subject: [EXIM] IP spoofing

Thanks for all your consultations. You have convinced me that I can't
do what I want, i.e., reject mail with spoofed email addresses by
looking up and comparing IP addresses.

I'll have to make a confirm impediment (non-feature) for eVoting. I
really hate confirming and think that the whole works should have been
designed so that spoofing can't happen.

Apparently, amongst the tricks our attacker used was to break into
some machines on the net and send mail from there. So I guess there
are only two solutions: confirming; or fixing all the holes in the
internet.

There was this from Jeffrey Goldberg:

>
> > My sysadmin tells me that the OS is a good place for it because the
> > OS handles the TCP. And, he sets a parameter there for this. Am I
> > making sense?
>
> That is ideally where this sort of thing should be. Did your sys adm tell
> you how s/he did that? I want to do that for a bunch of boxes I manage.


He says it's a configuration parameter at the time you build the
kernel. The latest Caldera, which we think is super, has it by
default. If you need a bigger hint, write me and I'll pass you on to
him.

And, to be sure I'm understood, I'm going to list some sample bogus
emails. If there was a way to stop these, I'd be willing to program
for months for it. The confirm thing won't take much programming but
I just hate to add the impediment to voting. Oh well.

Thanks again.

                                       *
Marilyn                               *
                                     *
                                    *
Marilyn Davis, Ph.D.-------------- * ---- eVote - online polling 

|                                 *       software for email lists:
|                          *     *        eVote-info@??? 

marilyn@???      *   *         
(650) 965-7121 ------------- * * -------- http://www.deliberate.com 
                              *           


Sample bogus mail headers.


>From owner-zzzapa@??? Sun Mar 21 22:22:10 1999

Return-Path: <owner-zzzapa>
Received: (from majordom@localhost)
    by deliberate.com (8.8.5/8.8.5) id WAA31313
    for zzzapa-outgoing; Sun, 21 Mar 1999 22:22:07 -0800
Received: from proxy1.ba.best.com (root@??? [206.184.139.12])
    by deliberate.com (8.8.5/8.8.5) with ESMTP id WAA31291
    for <zzzapa@???>; Sun, 21 Mar 1999 22:22:03 -0800
From: tiboruch@???
Received: from www.gorp.com (www.gorp.com [199.183.146.20])
    by proxy1.ba.best.com (8.9.3/8.9.2/best.in) with ESMTP id VAA25627
    for <zzzapa@???>; Sun, 21 Mar 1999 21:48:16 -0800 (PST)
Date: Sun, 21 Mar 1999 21:48:16 -0800 (PST)
Message-Id: <199903220548.VAA25627@???>
Received: from adventour.com ([200.13.17.193]) by www.gorp.com
          (Post.Office MTA v3.5.3 release 223 ID# 0-55786U100L100S0V35)
          with SMTP id com for <zzzapa@???>;
          Mon, 22 Mar 1999 00:30:40 -0500
Subject: ZZZAPA: La Consulta 
Sender: owner-zzzapa@???
Precedence: bulk
Reply-To: zzzapa@???
Contributed-By: tiboruch@???
Status: O


- . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - .
>From owner-zzzapa@??? Sun Mar 21 22:22:11 1999

Return-Path: <owner-zzzapa>
Received: (from majordom@localhost)
    by deliberate.com (8.8.5/8.8.5) id WAA31324
    for zzzapa-outgoing; Sun, 21 Mar 1999 22:22:08 -0800
Received: from proxy1.ba.best.com (root@??? [206.184.139.12])
    by deliberate.com (8.8.5/8.8.5) with ESMTP id WAA31292
    for <zzzapa@???>; Sun, 21 Mar 1999 22:22:03 -0800
From: taboruch@???
Received: from ns1.cableol.net (ns1.cableol.net [194.168.4.220])
    by proxy1.ba.best.com (8.9.3/8.9.2/best.in) with SMTP id VAA25605
    for <zzzapa@???>; Sun, 21 Mar 1999 21:48:10 -0800 (PST)
Received: from t1s184.data.net.mx by ns1.cableol.net; (5.65v3.2/1.1.8.2/22Feb96-0403PM)
    id AA12335; Mon, 22 Mar 1999 05:48:12 GMT
Date: Mon, 22 Mar 1999 05:48:12 GMT
Message-Id: <9903220548.AA12335@???>
Subject: ZZZAPA: La Consulta 
Apparently-To: <zzzapa@???>
Sender: owner-zzzapa@???
Precedence: bulk
Reply-To: zzzapa@???
Contributed-By: taboruch@???
Status: RO
- . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . 

>From owner-majordomo@??? Sun Mar 21 16:30:55 1999

Received: from ankara.bcc.bilkent.edu.tr (root@???)
    by deliberate.com (8.8.5/8.8.5) with ESMTP id QAA27270
    for <evote@???>; Sun, 21 Mar 1999 16:27:10 -0800
From: ovaceve@???
Received: from gopher.bilkent.edu.tr (t4s124.data.net.mx [200.13.21.133])
    by ankara.bcc.bilkent.edu.tr (8.8.8/8.8.8) with SMTP id XAA01490
    for <evote@???>; Sun, 21 Mar 1999 23:54:43 +0200 (EET)
Date: Sun, 21 Mar 1999 23:54:43 +0200 (EET)
Message-Id: <199903212154.XAA01490@???>
Subject: La Consulta 
- . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . 

>From owner-majordomo@??? Sun Mar 21 09:39:19 1999

Received: from proxy2.ba.best.com (root@??? [206.184.139.13])
    by deliberate.com (8.8.5/8.8.5) with ESMTP id JAA20075
    for <evote@???>; Sun, 21 Mar 1999 09:39:08 -0800
From: hvivero@???
Received: from jaguar.uam.edu.ni (jaguar.uam.edu.ni [205.218.250.3])
    by proxy2.ba.best.com (8.9.3/8.9.2/best.in) with SMTP id JAA15844
    for <evote@???>; Sun, 21 Mar 1999 09:36:18 -0800 (PST)
Received: from hermes.uninet.net.mx  by jaguar.uam.edu.ni via ESMTP (940816.SGI.8.6.9/940406.SGI.AUTO)
    for <evote@???> id LAA11513; Sun, 21 Mar 1999 11:42:27 -0800
Date: Sun, 21 Mar 1999 11:42:27 -0800
Message-Id: <199903211942.LAA11513@???>
Subject: La Consulta 
Apparently-To: <evote@???>
- . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . 

>From owner-majordomo@??? Sun Mar 21 16:16:04 1999

Received: from proxy1.ba.best.com (root@???)
    by deliberate.com (8.8.5/8.8.5) with ESMTP id QAA25434
    for <evote@???>; Sun, 21 Mar 1999 16:13:20 -0800
From: coacevedo@???
Received: from netra (netra.tnet.net.mx [207.248.133.21])
    by proxy1.ba.best.com (8.9.3/8.9.2/best.in) with SMTP id QAA29006
    for <evote@???>; Sun, 21 Mar 1999 16:08:37 -0800 (PST)
Received: from tnet.net.mx  by netra (SMI-8.6/SMI-SVR4)
    id SAA23514; Sun, 21 Mar 1999 18:05:44 -0600
Date: Sun, 21 Mar 1999 18:05:44 -0600
Message-Id: <199903220005.SAA23514@netra>
Subject: La Consulta 
Apparently-To: <evote@???>
- . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . 

>From owner-majordomo@??? Sun Mar 21 16:47:53 1999

Received: from proxy1.ba.best.com (root@???)
    by deliberate.com (8.8.5/8.8.5) with ESMTP id QAA29657
    for <evote@???>; Sun, 21 Mar 1999 16:44:59 -0800
From: ceaceved@???
Received: from mypad.MYPAD.COM ([209.218.33.127])
    by proxy1.ba.best.com (8.9.3/8.9.2/best.in) with ESMTP id QAA28222
    for <evote@???>; Sun, 21 Mar 1999 16:05:58 -0800 (PST)
Received: from themarines.com (200.13.21.133) by mypad.MYPAD.COM (NPlex 2.0.119) for evote@???; Sun, 21 Mar 1999 15:59:20 -0800
Date: Sun, 21 Mar 1999 15:59:20 -0800 (added by postmaster@???)
Message-ID: <36F3545B00007CEE@???> (added by postmaster@???)
Subject: La Consulta 
- . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . - . 


--
*** Exim information can be found at http://www.exim.org/ ***
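
The sample headers above can be compared mechanically. The following is an added example, not part of the original message: it parses the earliest Received line of three of the quoted messages, flags hops where the HELO name the client claimed differs from the reverse-DNS name the relay recorded, and groups From addresses by connecting IP. The function names are illustrative, and the sample lines are unfolded copies of headers shown in the post.

```python
import re
from collections import defaultdict

# Earliest (bottom-most) Received header of three messages quoted in the post,
# unfolded to one line each and paired with the From local part of that message.
# Copied from the page; the pairing into a list is constructed for this example.
SAMPLES = [
    ("ovaceve", "from gopher.bilkent.edu.tr (t4s124.data.net.mx [200.13.21.133]) "
                "by ankara.bcc.bilkent.edu.tr (8.8.8/8.8.8) with SMTP id XAA01490"),
    ("ceaceved", "from themarines.com (200.13.21.133) by mypad.MYPAD.COM (NPlex 2.0.119)"),
    ("tiboruch", "from adventour.com ([200.13.17.193]) by www.gorp.com"),
]

# "from <helo> ([<rdns> ][<ip>]) by <server>": the HELO name is supplied by the
# client; the name and address inside the parentheses are written by the relay.
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[\w.-]+)\s+)?"
    r"\[?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\]?\)\s+by\s+(?P<by>\S+)", re.I)


def parse_hop(received):
    """Return helo/rdns/ip/by for one Received header, or None if no client IP is logged."""
    m = HOP.search(" ".join(received.split()))  # collapse folding whitespace first
    return m.groupdict() if m else None


def helo_mismatch(hop):
    """True when the relay logged a reverse-DNS name that differs from the claimed HELO."""
    return hop["rdns"] is not None and hop["rdns"].lower() != hop["helo"].lower()


def shared_origins(samples):
    """Map connecting IP -> From addresses, keeping only IPs used by more than one sender."""
    seen = defaultdict(set)
    for sender, received in samples:
        hop = parse_hop(received)
        if hop:
            seen[hop["ip"]].add(sender)
    return {ip: senders for ip, senders in seen.items() if len(senders) > 1}


if __name__ == "__main__":
    for sender, received in SAMPLES:
        hop = parse_hop(received)
        print(sender, hop["ip"], "HELO mismatch" if helo_mismatch(hop) else "")
    print(shared_origins(SAMPLES))
```

The connecting IP is only as trustworthy as the relay that wrote the header, so this grouping helps triage a batch of suspect messages rather than authenticate any one sender.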